Randy Bush wrote:
>> As others pointed out (to me as well), for a _man in the middle_ attack
>> (e.g. impersonating www.paypal.com) it is necessary to play ARP games or
>> otherwise insert yourself in the flow of traffic.
>
> not really. you just need to be there first with a bogus, redirecting,
> dns response.

I wish I had a nickel (ok, a dollar) for every bogus laptop I've seen in
hotels and airports that was set up for "co_presidents_club",
"starbucks", "t-mobile" AND "tmobile", "corporate", etc. I've often
wondered if those users were really being malicious, plain stupid, or
were carrying around a laptop "owned" by someone else. Either way,
there are PLENTY of systems out there pretending to be something they
aren't. I often try to connect to them and get some data, but most
either won't give an IP, or if they do, they don't forward packets or
respond with anything worthwhile. I run a pretty tight system, so
perhaps those faux APs are trying to detect other configs (Client for
MS/Netware, F/P Sharing, SNMP, WINS, IPX, etc).
-Jim P.